Business Interruption

From Data Breaches to Business Continuity: Evolving Cyber Security for Insurers

Key Findings

The vast majority of Australian (78%) and global (84%) insurers have implemented enhanced cyber security measures to combat the increasing severity of cyber events.
Nearly half of Australian and global insurers identify data and cyber security risks as the most common challenge faced by businesses in the insurance landscape, making it the top-mentioned overall concern.
80% of Australian insurers have implemented enhanced vendor management processes to prevent improper data loss.

Cyber security in business resilience

Global business operations rely heavily on digital technologies and interconnected systems, making robust cyber security measures essential to business continuity. As the volume of data stored in cloud environments continues to grow, many insurers are navigating how to harness these technologies effectively while ensuring sensitive information remains secure.

In the last 12 months, cyber security risks have become one of the most significant challenges facing businesses. Nearly half of global and Australian insurers identified data and cyber security risks as their primary overall concern in our 2025 survey. This highlights the increasing urgency to address vulnerabilities that could result in operational disruptions, reputational damage, or financial losses.

A Global IT crisis

In July 2024, a cyber security incident involving a major technology company disrupted industries worldwide. A flawed security software update resulted in a massive IT outage, impacting business operations ranging from airlines to hospitals. Experts considered it ‘the largest IT outage in history’ ^[¹ ^] as businesses faced cascading operational challenges, from cancelled flights and delayed medical services to interrupted supply chains.

The incident underscored the critical importance of robust cyber security measures, and the risks associated with deploying updates in mission-critical environments. For many, it served as a stark reminder of how business interruption caused by cyber events can amplify operational costs, erode customer trust, and create legal liabilities.

Our survey findings reflect this heightened awareness, with 84% of global and 78% of Australian insurers implementing enhanced cyber security measures to address the rising frequency and severity of cyber events. These proactive steps demonstrate an industry-wide focus on mitigating future risks.

Strategic responses to evolving cyber threats

The implications of cyber security risks extend far beyond data breaches. From legal liabilities to prolonged business interruptions, the fallout of a cyber event can be severe. For insurers, who manage vast amounts of sensitive customer data, the stakes are particularly high. These challenges highlight a broader industry acknowledgment that building resilience against cyber threats demands a multifaceted approach.

Additionally, 62% of Australian insurers have introduced stricter data security and privacy protocols into their risk management strategies, aiming to protect against improper data release. Furthermore, 80% of Australian insurers have implemented stricter data-sharing protocols to their strategies, ensuring that sensitive information is handled securely at every stage.

Managing risks through vendor relationships

Managing vendor relationships is a crucial component of safeguarding data and privacy. Globally, nearly two-thirds of surveyed insurers now focus on regular vendor audits and assessments in response to the prevalence of cyber events, while in Australia, almost half of the respondents have also taken similar steps. This strategic shift signals a growing focus on securing the supply chain as an extension of internal operations.

By strengthening vendor relationships and enforcing higher security standards, insurers are reducing the potential for business disruptions originating from third-party partners. This holistic approach highlights the importance of a secure, well-managed ecosystem in maintaining operational continuity.

^{[1] Thornton, Kathleen. “}^{CrowdStrike Incident: What Happened and How Can We Learn from it}^,”^{University of Maryland Global Campus}^{, 19 Aug 2024.}